Contributed by: ElyseRomano Friday, November 29 2013 @ 06:55 am
Smart online daters are concerned about their privacy no matter what online dating site they use, but those less familiar with Internet privacy issues might assume that major dating sites like Match.com and eHarmony.com are safer than their free counterparts. Does "free" automatically mean unsafe? Does "paid" automatically mean secure?
EFF, the Electronic Frontier Foundation, an organization dedicated to defending your rights in the digital world, conducted an investigation into the privacy and security practices of major online dating sites to see just how well they're safeguarding your privacy. Two of the sites they tested, Plenty of Fish and OKCupid, are the Web's most notorious free dating services. How well did they stack up against the paid competition?
Neither Plenty of Fish nor OkCupid uses HTTPS by default. For the less tech-savvy among you, HTTPS is standard Web encryption used to secure websites (often those that allow financial transactions). Without HTTPS, users can be vulnerable to eavesdroppers when they use shared networks like those found in coffee shops or libraries.
EFF also found that neither Plenty of Fish nor OkCupid is free of mixed content, meaning that even if certain elements of the site are generally secured with HTTPS, other portions of its content are served over an insecure connection. Again, it may be possible for an eavesdropper to see the images on a page or other content when the page is not properly secured.
EFF also tested whether Plenty of Fish and OkCupid use secure cookies. A "cookie" contains authentication information that helps the site recognize you and allows for easy access to information in your account. It's cookies that allow you to return to a site and be logged in without having to reenter your password. If the cookies are not secure, an attacker can trick your browser and use your cookies to take over your session with the site.
The last thing EFF tested was whether or not the site deleted your data after your account was closed. Both Plenty of Fish and OkCupid were vague about the details. After looking at the sites' privacy policies and terms of service, EFF could not find a clear description of what happens to a user's data after deleting their account.
Plenty Of Fish says "We keep your information only as long as we need it for legitimate business purposes and to meet any legal requirements," but who knows what that really means? OkCupid says they "may still retain certain information associated with your account for analytical purposes and recordkeeping integrity," as well as for a host of other things.
Things look pretty bad for Plenty of Fish and OkCupid when it's all laid out like that, but how do they compare to other dating sites? Stay tuned to find out...